tpm2: move event tag sd-boot/sd-stub to make measurements with into src/fundamental/

Ultimately we want to be able to recognize these in userspace, hence
make them available in both UEFI mode and userspace.

While we are at it, let's rename the fields a bit, reflecting more what
they measure, not what the metadata is that we store about them.

diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 48fc79ea232731f54e6a9189114b3ac377868842..7b17088b0856b37052bc2aad506f82434421b149 100644 (file)
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -39,8 +39,6 @@ DECLARE_NOALLOC_SECTION(
 
 DECLARE_SBAT(SBAT_BOOT_SECTION_TEXT);
 
-#define LOADER_CONF_CONTENT_EVENT_TAG_ID UINT32_C(0xf5bc582a)
-
 typedef enum LoaderType {
         LOADER_UNDEFINED,
         LOADER_AUTO,
@@ -1573,7 +1571,7 @@ static void config_load_defaults(Config *config, EFI_FILE *root_dir) {
                                 TPM2_PCR_BOOT_LOADER_CONFIG,
                                 POINTER_TO_PHYSICAL_ADDRESS(content),
                                 content_size,
-                                LOADER_CONF_CONTENT_EVENT_TAG_ID,
+                                LOADER_CONF_EVENT_TAG_ID,
                                 u"loader.conf",
                                 /* ret_measured= */ NULL);
                 if (err != EFI_SUCCESS)

diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index d38f0206cfde1f35188d744bb10ba1390050db9d..572ea480f0e7f59c75538a44f93c2e48ac584acf 100644 (file)
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -26,8 +26,6 @@ DECLARE_NOALLOC_SECTION(".sdmagic", "#### LoaderInfo: systemd-stub " GIT_VERSION
 
 DECLARE_SBAT(SBAT_STUB_SECTION_TEXT);
 
-#define ADDON_FILENAME_EVENT_TAG_ID UINT32_C(0x6c46f751)
-
 static EFI_STATUS combine_initrd(
                 EFI_PHYSICAL_ADDRESS initrd_base, size_t initrd_size,
                 const void * const extra_initrds[], const size_t extra_initrd_sizes[], size_t n_extra_initrds,
@@ -314,7 +312,7 @@ static void dtb_install_addons(
                                         TPM2_PCR_KERNEL_CONFIG,
                                         POINTER_TO_PHYSICAL_ADDRESS(dt_bases[i]),
                                         dt_sizes[i],
-                                        ADDON_FILENAME_EVENT_TAG_ID,
+                                        DEVICETREE_ADDON_EVENT_TAG_ID,
                                         dt_filenames[i],
                                         &m);
                         if (err != EFI_SUCCESS)

diff --git a/src/fundamental/tpm2-pcr.h b/src/fundamental/tpm2-pcr.h
index 57befdf83b1e54235f497dc95d2e224e6f199c67..d0d5b74d0c5a1e5e42129668c87733b86fd4d1aa 100644 (file)
--- a/src/fundamental/tpm2-pcr.h
+++ b/src/fundamental/tpm2-pcr.h
@@ -43,3 +43,9 @@ enum {
         TPM2_PCR_DEBUG               = 16,
         TPM2_PCR_APPLICATION_SUPPORT = 23,
 };
+
+/* The tag used for EV_EVENT_TAG event log records covering the boot loader config */
+#define LOADER_CONF_EVENT_TAG_ID UINT32_C(0xf5bc582a)
+
+/* The tag used for EV_EVENT_TAG event log records covering Devicetree blobs */
+#define DEVICETREE_ADDON_EVENT_TAG_ID UINT32_C(0x6c46f751)